awesome-api-security/README.md

# [awesome-apisec](https://github.com/arainho/awesome-apisec)

**A collection of awesome API Security tools and resources.**

## Awesome Repositories

Repository | Description
---- | ----
[awesome-security-apis](https://github.com/jaegeral/security-apis)| A collective list of public JSON APIs for use in security


## Tools
Repository | Description
---- | ----
[Arjun](https://github.com/s0md3v/Arjun) | HTTP parameter discovery suite
[fuzzapi](https://github.com/Fuzzapi/fuzzapi)| Fuzzapi is a tool used for REST API pentesting and uses API_Fuzzer gem 
[kiterunner](https://github.com/assetnote/kiterunner)| Contextual Content Discovery Tool 
[MindAPI](https://github.com/dsopas/MindAPI)| Organize your API security assessment by using MindAPI
[Astra](https://github.com/flipkart-incubator/Astra) | Automated Security Testing For REST API's

## Cheatsheets
Website | Description
---- | ----
[owasp-api-security-top-10](https://apisecurity.io/encyclopedia/content/owasp-api-security-top-10-cheat-sheet-a4.pdf) | OWASP API Security Top 10

## Wiki's / Encyclopedias
Website | Description
---- | ----
[API Security Encyclopedia](https://apisecurity.io/encyclopedia/content/api-security-encyclopedia.htm)  | APIsecurity.io - API Security Encyclopedia

## Checklist
Repository | Description
---- | ----
[API-Security-Checklist](https://github.com/shieldfy/API-Security-Checklist) | Checklist of the most important security countermeasures when designing, testing, and releasing your API 

## Training / Labs
Website | Description
---- | ----
[Kontra - OWASP Top 10 for API](https://application.security/free/owasp-top-10-API) | Is a series of free interactive application security training modules that teach developers how to identify and mitigate security vulnerabilities in their web API endpoints.
[Pentesting Lab: vAPI](https://github.com/roottusk/vapi) | vAPI is Vulnerable Adversely Programmed Interface which is Self-Hostable PHP Interface that mimics OWASP API Top 10 scenarios in the means of Exercises.

## Presentations / Videos
Website | Description
---- | ----
[pentesting-rest-apis](https://www.slideshare.net/OWASPdelhi/pentesting-rest-apis-by-gaurang-bhatnagar) | Pentesting Rest API's by :- Gaurang Bhatnagar
[Securing your APIs](https://owasp.org/www-chapter-singapore/assets/presos/Securing_your_APIs_-_OWASP_API_Top_10_2019,_Real-life_Case.pdf) | “How Secure are you APIs?” - Securing your APIs: OWASP API Top 10 2019, Case Study and Demo
[api-security-testing-for-hackers](https://www.bugcrowd.com/resources/webinars/api-security-testing-for-hackers) | API Security Testing For Hackers
[bad-api-hapi-hackers](https://www.bugcrowd.com/resources/webinars/bad-api-hapi-hackers)| Bad API, hAPI Hackers!
[disclosing-information-via-your-apis](https://www.bugcrowd.com/resources/webinars/hidden-in-plain-site-disclosing-information-via-your-apis/) | Hidden in Plain Site: Disclosing Information via Your APIs
[rest-in-peace-abusing-graphql](https://www.bugcrowd.com/resources/webinars/rest-in-peace-abusing-graphql-to-attack-underlying-infrastructure) | REST in Peace: Abusing GraphQL to Attack Underlying Infrastructure

## Projects
Project | Description
---- | ----
[owasp api security project](https://owasp.org/www-project-api-security/) | OWASP API Security Project - API Security Top 10

## Newsletters
Newsletter | Description
---- | ----
[api security articles](https://apisecurity.io/#newsletter1) | API Security Articles - The Latest API Security News, Vulnerabilities & Best Practices

## Other resources
Location | Description
---- | ----
[List of API endpoints & objects](https://gist.github.com/yassineaboukir/8e12adefbd505ef704674ad6ad48743d) | A list of 3203 common API endpoints and objects designed for fuzzing.

## Other useful repositories
Website | Description
---- | ----
[31-days-of-API-Security-Tips](https://github.com/smodnix/31-days-of-API-Security-Tips) | This challenge is Inon Shkedy's 31 days API Security Tips.
[Awesome REST](https://github.com/marmelab/awesome-rest)          | A collaborative list of great resources about RESTful API architecture, development, test, and performance. Feel free to contribute to this on-going list.
[How to design a REST API ](https://blog.octo.com/en/design-a-rest-api) | How to design a REST API? - Full guide tackling security, pagination, filtering, versioning, partial answers, CORS, etc.
[API Penetration Testing](https://blog.securelayer7.net/api-penetration-testing-with-owasp-2017-test-cases) | API Penetration Testing with OWASP 2017 Test Cases
[api-security-testing-how-to-hack](https://smartbear.com/blog/test-and-monitor/api-security-testing-how-to-hack-an-api-part-1/)| API Security Testing – How to Hack an API and Get Away with It (Part 1 of 3)
[GraphQL penetration testing](https://blog.yeswehack.com/yeswerhackers/how-exploit-graphql-endpoint-bug-bounty/) | How to exploit GraphQL endpoint: introspection, query, mutations & tools
-												fix link
											
										
										
											2020-08-14 13:39:47 -04:00
+								# [awesome-apisec](https://github.com/arainho/awesome-apisec)
-												create readme
											
										
										
											2020-08-14 13:18:44 -04:00
 								**A collection of awesome API Security tools and resources.**
-												Awesome REST
											
										
										
											2020-08-14 13:25:03 -04:00
+								## Awesome Repositories
 								Repository | Description
 								---- | ----
-												remove comment
											
										
										
											2020-08-14 13:35:55 -04:00
+								[awesome-security-apis](https://github.com/jaegeral/security-apis)| A collective list of public JSON APIs for use in security
-												create readme
											
										
										
											2020-08-14 13:18:44 -04:00
-												Arjun
											
										
										
											2020-08-14 13:32:38 -04:00
-												create readme
											
										
										
											2020-08-14 13:18:44 -04:00
+								## Tools
 								Repository | Description
 								---- | ----
-												Arjun
											
										
										
											2020-08-14 13:32:38 -04:00
+								[Arjun](https://github.com/s0md3v/Arjun) | HTTP parameter discovery suite
-												create readme
											
										
										
											2020-08-14 13:18:44 -04:00
+								[fuzzapi](https://github.com/Fuzzapi/fuzzapi)| Fuzzapi is a tool used for REST API pentesting and uses API_Fuzzer gem
-												adding new entries kiterunner and MindAPI
											
										
										
											2021-05-04 07:27:38 -04:00
+								[kiterunner](https://github.com/assetnote/kiterunner)| Contextual Content Discovery Tool
 								[MindAPI](https://github.com/dsopas/MindAPI)| Organize your API security assessment by using MindAPI
-												adding entry for astra

Automated security testing for REST API's
											
										
										
											2021-06-19 02:51:23 -04:00
+								[Astra](https://github.com/flipkart-incubator/Astra) | Automated Security Testing For REST API's
-												create readme
											
										
										
											2020-08-14 13:18:44 -04:00
 								## Cheatsheets
 								Website | Description
 								---- | ----
 								[owasp-api-security-top-10](https://apisecurity.io/encyclopedia/content/owasp-api-security-top-10-cheat-sheet-a4.pdf) | OWASP API Security Top 10
 								## Wiki's / Encyclopedias
-												Update README.md
											
										
										
											2021-03-06 19:24:26 -05:00
+								Website | Description
-												create readme
											
										
										
											2020-08-14 13:18:44 -04:00
+								---- | ----
 								[API Security Encyclopedia](https://apisecurity.io/encyclopedia/content/api-security-encyclopedia.htm)  | APIsecurity.io - API Security Encyclopedia
-												new topic called checklist
											
										
										
											2020-08-14 13:28:53 -04:00
+								## Checklist
 								Repository | Description
 								---- | ----
-												fix link
											
										
										
											2020-08-14 13:36:22 -04:00
+								[API-Security-Checklist](https://github.com/shieldfy/API-Security-Checklist) | Checklist of the most important security countermeasures when designing, testing, and releasing your API
-												create readme
											
										
										
											2020-08-14 13:18:44 -04:00
-												kontra traning modules

Kontra - OWASP Top 10 for API
											
										
										
											2021-03-06 19:23:02 -05:00
+								## Training / Labs
-												Update README.md
											
										
										
											2021-03-06 19:24:26 -05:00
+								Website | Description
 								---- | ----
-												kontra traning modules

Kontra - OWASP Top 10 for API
											
										
										
											2021-03-06 19:23:02 -05:00
+								[Kontra - OWASP Top 10 for API](https://application.security/free/owasp-top-10-API) | Is a series of free interactive application security training modules that teach developers how to identify and mitigate security vulnerabilities in their web API endpoints.
-												pentesting lab and newsletter entries
											
										
										
											2021-05-14 04:11:47 -04:00
+								[Pentesting Lab: vAPI](https://github.com/roottusk/vapi) | vAPI is Vulnerable Adversely Programmed Interface which is Self-Hostable PHP Interface that mimics OWASP API Top 10 scenarios in the means of Exercises.
-												kontra traning modules

Kontra - OWASP Top 10 for API
											
										
										
											2021-03-06 19:23:02 -05:00
-												api security videos
											
										
										
											2020-08-16 16:59:16 -04:00
+								## Presentations / Videos
-												Update README.md
											
										
										
											2021-03-06 19:24:26 -05:00
+								Website | Description
-												Arjun
											
										
										
											2020-08-14 13:32:38 -04:00
+								---- | ----
 								[pentesting-rest-apis](https://www.slideshare.net/OWASPdelhi/pentesting-rest-apis-by-gaurang-bhatnagar) | Pentesting Rest API's by :- Gaurang Bhatnagar
-												Securing your APIs

presentation
											
										
										
											2020-08-14 13:33:51 -04:00
+								[Securing your APIs](https://owasp.org/www-chapter-singapore/assets/presos/Securing_your_APIs_-_OWASP_API_Top_10_2019,_Real-life_Case.pdf) | “How Secure are you APIs?” - Securing your APIs: OWASP API Top 10 2019, Case Study and Demo
-												api security videos
											
										
										
											2020-08-16 16:59:16 -04:00
+								[api-security-testing-for-hackers](https://www.bugcrowd.com/resources/webinars/api-security-testing-for-hackers) | API Security Testing For Hackers
 								[bad-api-hapi-hackers](https://www.bugcrowd.com/resources/webinars/bad-api-hapi-hackers)| Bad API, hAPI Hackers!
-												disclosing information via apis
											
										
										
											2020-08-19 17:14:21 -04:00
+								[disclosing-information-via-your-apis](https://www.bugcrowd.com/resources/webinars/hidden-in-plain-site-disclosing-information-via-your-apis/) | Hidden in Plain Site: Disclosing Information via Your APIs
-												rest-in-peace abusing graphql
											
										
										
											2020-08-17 10:26:40 -04:00
+								[rest-in-peace-abusing-graphql](https://www.bugcrowd.com/resources/webinars/rest-in-peace-abusing-graphql-to-attack-underlying-infrastructure) | REST in Peace: Abusing GraphQL to Attack Underlying Infrastructure
-												Arjun
											
										
										
											2020-08-14 13:32:38 -04:00
-												add owasp api security project and fix other info
											
										
										
											2021-05-09 06:23:01 -04:00
+								## Projects
-												fix project and newsletter menus
											
										
										
											2021-05-14 04:13:04 -04:00
+								Project | Description
-												add missing squares to menus
											
										
										
											2021-05-14 04:14:20 -04:00
+								---- | ----
-												add owasp api security project and fix other info
											
										
										
											2021-05-09 06:23:01 -04:00
+								[owasp api security project](https://owasp.org/www-project-api-security/) | OWASP API Security Project - API Security Top 10
-												fix project and newsletter menus
											
										
										
											2021-05-14 04:13:04 -04:00
+								## Newsletters
 								Newsletter | Description
-												add missing squares to menus
											
										
										
											2021-05-14 04:14:20 -04:00
+								---- | ----
-												pentesting lab and newsletter entries
											
										
										
											2021-05-14 04:11:47 -04:00
+								[api security articles](https://apisecurity.io/#newsletter1) | API Security Articles - The Latest API Security News, Vulnerabilities & Best Practices
-												new entry called 'other resources'

including a list of API endpoints & objects at 'other resources'
											
										
										
											2021-06-19 02:54:11 -04:00
+								## Other resources
 								Location | Description
 								---- | ----
 								[List of API endpoints & objects](https://gist.github.com/yassineaboukir/8e12adefbd505ef704674ad6ad48743d) | A list of 3203 common API endpoints and objects designed for fuzzing.
-												create readme
											
										
										
											2020-08-14 13:18:44 -04:00
+								## Other useful repositories
-												Update README.md
											
										
										
											2021-03-06 19:24:47 -05:00
+								Website | Description
-												create readme
											
										
										
											2020-08-14 13:18:44 -04:00
+								---- | ----
--days-of-API-Security-Tips
											
										
										
											2020-09-19 20:20:46 -04:00
+								[31-days-of-API-Security-Tips](https://github.com/smodnix/31-days-of-API-Security-Tips) | This challenge is Inon Shkedy's 31 days API Security Tips.
-												Awesome REST
											
										
										
											2020-08-14 13:25:03 -04:00
+								[Awesome REST](https://github.com/marmelab/awesome-rest)          | A collaborative list of great resources about RESTful API architecture, development, test, and performance. Feel free to contribute to this on-going list.
-												How to design a REST API
											
										
										
											2020-08-14 13:27:46 -04:00
+								[How to design a REST API ](https://blog.octo.com/en/design-a-rest-api) | How to design a REST API? - Full guide tackling security, pagination, filtering, versioning, partial answers, CORS, etc.
-												API Penetration Testing

API Penetration Testing with OWASP 2017 Test Cases
											
										
										
											2020-08-14 13:38:01 -04:00
+								[API Penetration Testing](https://blog.securelayer7.net/api-penetration-testing-with-owasp-2017-test-cases) | API Penetration Testing with OWASP 2017 Test Cases
-												api-security-testing-how-to-hack
											
										
										
											2020-08-14 13:39:01 -04:00
+								[api-security-testing-how-to-hack](https://smartbear.com/blog/test-and-monitor/api-security-testing-how-to-hack-an-api-part-1/)| API Security Testing – How to Hack an API and Get Away with It (Part 1 of 3)
-												add owasp api security project and fix other info
											
										
										
											2021-05-09 06:23:01 -04:00
+								[GraphQL penetration testing](https://blog.yeswehack.com/yeswerhackers/how-exploit-graphql-endpoint-bug-bounty/) | How to exploit GraphQL endpoint: introspection, query, mutations & tools